3 Comments:

Bill, it looks as if they've discovered a vulnerability in FF 3.5.1 as well: https://isc.sans.org/diary.html?storyid=6829. Is this the same sort of problem as before? If we've updated to 3.5.1 and changed the jit in about:config back to true, should we change it back again to false?

No, the flaw that has been mentioned is not the same kind of vulnerability as reported before. At this time, there are no sites who have been able to distribute malware via what Mozilla currently considers a bug.